44 lines
1.1 KiB
PHP
44 lines
1.1 KiB
PHP
<?php
|
|
require "../api.php";
|
|
|
|
ini_set("display_errors", 1);
|
|
ini_set("display_startup_errors", 1);
|
|
error_reporting(E_ALL);
|
|
|
|
$api = new spamhasiApi();
|
|
|
|
if (!$api->checkAuth()) {
|
|
header("Location: /index.html?status=500&error=Unauthorized");
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_POST["id"]) || !isset($_POST["name"]) || !isset($_POST["mail"]) || !isset($_POST["number"])) {
|
|
die('{"status":500, "error":"Missing fields"}');
|
|
}
|
|
|
|
$name = htmlspecialchars($_POST["name"]);
|
|
$mail = htmlspecialchars($_POST["mail"]);
|
|
$number = intval(htmlspecialchars($_POST["number"]));
|
|
echo $number;
|
|
$id = intval(htmlspecialchars($_POST["id"]));
|
|
if (isset($_POST["enabled2"])) {
|
|
$enabled = 1;
|
|
}else{
|
|
$enabled = 0;
|
|
}
|
|
|
|
$db = $api->getDB();
|
|
|
|
$sql = "UPDATE opfer SET name = :name, mail = :mail, number = :number, status = :status WHERE id = :id";
|
|
|
|
$stmt = $db->prepare($sql);
|
|
|
|
$sql_exec = $stmt->execute([':name' => $name, ':mail' => $mail, ':number' => $number, ':status' => $enabled, ':id' => $id]);
|
|
|
|
if ($sql_exec) {
|
|
header("Location: /index.html?status=200");
|
|
}else{
|
|
header("Location: /index.html?status=500&error=SQL Error");
|
|
}
|
|
exit;
|
|
?>
|